8ce47bd487491867e829ede51ee44414d19c2817bb161a1adc74d9dd9640f1ac

Analysis

max time kernel
145s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
26/08/2024, 08:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c2967dacc1b49c5738edfe378d43a7b6_JaffaCakes118.html
Size

7KB
MD5

c2967dacc1b49c5738edfe378d43a7b6
SHA1

d38674832cfb3ecdc6d8da20e3d653df5053637e
SHA256

8ce47bd487491867e829ede51ee44414d19c2817bb161a1adc74d9dd9640f1ac
SHA512

678abc647aaa62f1316e1527ea9684222fc409ec40044acb7157e46b1aa87e775f2920b53a2ad2258947a00f35def76cf21fdc4f8d47fe55783224c2f4d950b2
SSDEEP

96:uzVs+ux7mHLLY1k9o84d12ef7CSTUzq7CY4WcEZ7ru7f:csz7mHAYS/ZCY4Wb76f

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1584	msedge.exe
1584	msedge.exe
64	msedge.exe
64	msedge.exe
440	identity_helper.exe
440	identity_helper.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 64 wrote to memory of 1596	64	msedge.exe	84
PID 64 wrote to memory of 1596	64	msedge.exe	84
PID 64 wrote to memory of 1780	64	msedge.exe	85
PID 64 wrote to memory of 1780	64	msedge.exe	85
PID 64 wrote to memory of 1780	64	msedge.exe	85
PID 64 wrote to memory of 1780	64	msedge.exe	85
PID 64 wrote to memory of 1780	64	msedge.exe	85
PID 64 wrote to memory of 1780	64	msedge.exe	85
PID 64 wrote to memory of 1780	64	msedge.exe	85
PID 64 wrote to memory of 1780	64	msedge.exe	85
PID 64 wrote to memory of 1780	64	msedge.exe	85
PID 64 wrote to memory of 1780	64	msedge.exe	85
PID 64 wrote to memory of 1780	64	msedge.exe	85
PID 64 wrote to memory of 1780	64	msedge.exe	85
PID 64 wrote to memory of 1780	64	msedge.exe	85
PID 64 wrote to memory of 1780	64	msedge.exe	85
PID 64 wrote to memory of 1780	64	msedge.exe	85
PID 64 wrote to memory of 1780	64	msedge.exe	85
PID 64 wrote to memory of 1780	64	msedge.exe	85
PID 64 wrote to memory of 1780	64	msedge.exe	85
PID 64 wrote to memory of 1780	64	msedge.exe	85
PID 64 wrote to memory of 1780	64	msedge.exe	85
PID 64 wrote to memory of 1780	64	msedge.exe	85
PID 64 wrote to memory of 1780	64	msedge.exe	85
PID 64 wrote to memory of 1780	64	msedge.exe	85
PID 64 wrote to memory of 1780	64	msedge.exe	85
PID 64 wrote to memory of 1780	64	msedge.exe	85
PID 64 wrote to memory of 1780	64	msedge.exe	85
PID 64 wrote to memory of 1780	64	msedge.exe	85
PID 64 wrote to memory of 1780	64	msedge.exe	85
PID 64 wrote to memory of 1780	64	msedge.exe	85
PID 64 wrote to memory of 1780	64	msedge.exe	85
PID 64 wrote to memory of 1780	64	msedge.exe	85
PID 64 wrote to memory of 1780	64	msedge.exe	85
PID 64 wrote to memory of 1780	64	msedge.exe	85
PID 64 wrote to memory of 1780	64	msedge.exe	85
PID 64 wrote to memory of 1780	64	msedge.exe	85
PID 64 wrote to memory of 1780	64	msedge.exe	85
PID 64 wrote to memory of 1780	64	msedge.exe	85
PID 64 wrote to memory of 1780	64	msedge.exe	85
PID 64 wrote to memory of 1780	64	msedge.exe	85
PID 64 wrote to memory of 1780	64	msedge.exe	85
PID 64 wrote to memory of 1584	64	msedge.exe	86
PID 64 wrote to memory of 1584	64	msedge.exe	86
PID 64 wrote to memory of 1608	64	msedge.exe	87
PID 64 wrote to memory of 1608	64	msedge.exe	87
PID 64 wrote to memory of 1608	64	msedge.exe	87
PID 64 wrote to memory of 1608	64	msedge.exe	87
PID 64 wrote to memory of 1608	64	msedge.exe	87
PID 64 wrote to memory of 1608	64	msedge.exe	87
PID 64 wrote to memory of 1608	64	msedge.exe	87
PID 64 wrote to memory of 1608	64	msedge.exe	87
PID 64 wrote to memory of 1608	64	msedge.exe	87
PID 64 wrote to memory of 1608	64	msedge.exe	87
PID 64 wrote to memory of 1608	64	msedge.exe	87
PID 64 wrote to memory of 1608	64	msedge.exe	87
PID 64 wrote to memory of 1608	64	msedge.exe	87
PID 64 wrote to memory of 1608	64	msedge.exe	87
PID 64 wrote to memory of 1608	64	msedge.exe	87
PID 64 wrote to memory of 1608	64	msedge.exe	87
PID 64 wrote to memory of 1608	64	msedge.exe	87
PID 64 wrote to memory of 1608	64	msedge.exe	87
PID 64 wrote to memory of 1608	64	msedge.exe	87
PID 64 wrote to memory of 1608	64	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c2967dacc1b49c5738edfe378d43a7b6_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:64
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8bcad46f8,0x7ff8bcad4708,0x7ff8bcad4718
  2⤵
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,8508856113548019740,12017737433219209798,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:1780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,8508856113548019740,12017737433219209798,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,8508856113548019740,12017737433219209798,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8508856113548019740,12017737433219209798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8508856113548019740,12017737433219209798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8508856113548019740,12017737433219209798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4220 /prefetch:1
  2⤵
  PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,8508856113548019740,12017737433219209798,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,8508856113548019740,12017737433219209798,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8508856113548019740,12017737433219209798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8508856113548019740,12017737433219209798,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8508856113548019740,12017737433219209798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8508856113548019740,12017737433219209798,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,8508856113548019740,12017737433219209798,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3076 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3224

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4140

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
477B

MD5
789a5cbf556f4edad8bf4357f05ad6b4

SHA1
62b8cb53c62b307dd2f06279842ef3c2ff78c985

SHA256
37d3e1225aff1eec3ba4cdd79fcc113ad0268e90cd4a91d6347c9f97488700ad

SHA512
908658baf2fb5ce0c8a88f48f46e762143f262f4760c8f08bfc210627bfe730942df3d28e1c0a596f4c55be6ec63db629d8b3f596773c5cd5d3b48d0fe036b3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
157446f0833f41af0a1b6c5f2472de77

SHA1
30af7de4dfaf22d3f2febf0b3b6901bb29a79e41

SHA256
74eabba3ab8207d01108de1f91e5cd83fc1b75f2b7a123e4ebf36aa0d9b5e180

SHA512
8e36f943306655e42955b34fe2a1b47fc8afaa228148bfb44309e1ead6e616e4a60b173e672f090d0c6cc073fb7c7dc194fdd78bb8c013a9c6b2814ff89ecd44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cf30a21868cdf8513f5fe4c56ecf98a3

SHA1
1c3162454b77210d612e65084abe199a273f6ba8

SHA256
e4316bf6e40c578c5db402f0eb368a7b54892ca6f96808dfaf0982bc458a1826

SHA512
47d5f87524ab867e7ee5a25da35776e0c08c679a16b312cf36be97d0403df7086869c3ac1dd584dae3ec0d5583fbef19ae3e502ee1d73162069851d94ffe1517

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
11677970cc63d39684ac0b68f899a104

SHA1
7d09e6ea3fbd7be38403e0008e595e44e310383f

SHA256
f31cb3bf3b7b40209eb0df7b59f92062d6a18936139f7fbc386e0b1d114074c1

SHA512
18721328312b3c9d677a95c22a2b069b8b5b84496c44e6fbd0d50ad5ad15a14385caedfa9454032b18f29056af720a3681b1617df8157f7a7f2d6bfed2161699

Download Submit